Lecture Schedule, Fall 2013

[Sep 4: Lecture 1]
Introduction and overview. Private-key cryptography. The syntax of private-key encryption. The shift cipher.
Reading: Sections 1.1, 1.2, and 1.3 (through page 11).
[Sep 6]
Class cancelled due to Rosh Hashanah.
[Sep 9: Lecture 2]
Some historical encryption schemes and their cryptanalysis.
Reading: Section 1.3.
[Sep 11: Lecture 3]
More historical encryption schemes and their cryptanalysis. Modern cryptography.
Reading: Sections 1.3 and 1.4.
[Sep 13: Lecture 4]
Modern cryptography: definitions, assumptions, and proofs. Defining perfectly secret encryption.
Reading: Sections 1.2, 1.4, and 2.1.
[Sep 16: Lecture 5]
Perfect secrecy and the one-time pad. Limitations of perfect secrecy. Toward a computational notion of secrecy.
Reading: Sections 2.2 and 2.3.
[Sep 18: Lecture 6]
HW1 review. A computational notion of secrecy.
Reading: Sections 3.1.1, 3.1.2, and 3.2.1. (See also the same sections in the second edition.)
[Sep 20: Lecture 7] (TA lecture)
Computational notions of security.
Reading: Sections 3.1.1, 3.1.2, and 3.2.1. (See also the same sections in the second edition.)
[Sep 23: Lecture 8]
A computational notion of security. Pseudorandom generators.
Reading: Sections 3.2.1 and 3.3 in the first edition. (See also Sections 3.2.1 and 3.3.1 in the second edition.)
[Sep 25: Lecture 9]
Pseudorandom generators and stream ciphers. Non-trivial encryption from any pseudorandom generator.
Reading: Sections 3.1.3, 3.3, and 3.4.1 in the first edition. (Section 3.1.3 plus all of Section 3.3 in the second edition, though we did not yet talk about stream ciphers.)
[Sep 27: Lecture 10] (TA lecture)
Stronger notions of security for encryption.
Reading:Sections 3.4.3 and 3.5 in the first edition. (Section 3.4 in the second edition.)
[Sep 30: Lecture 11]
CPA-security; impossibility of CPA-security for deterministic encryption schemes. Pseudorandom functions.
Reading: Sections 3.5 and 3.6.1 in the first edition. (Sections 3.4 and 3.5.1 in the second edition.)
[Oct 2: Lecture 12]
Pseudorandom functions: definitions and (counter-)examples.
Reading: Section 3.6.1 in the first edition. (Section 3.5.1 in the second edition.)
[Oct 4: Lecture 13]
Pseudorandom permutations and block ciphers. CPA-security from pseudorandom functions.
Reading: Sections 3.6.2 and 3.6.3 in the first edition. (Sections 3.5.1 and 3.5.2 in the second edition.)
[Oct 7: Lecture 14]
Proving CPA-security. Modes of encryption.
Reading: Section 3.6.4 in the first edition. (Section 3.6.2 in the second edition.)
[Oct 9: Lecture 15]
CCA security and malleability. Integrity and message authentication codes.
Reading: Section 3.7 in the first edition. (Section 3.7.1 in the second edition.) Sections 4.1, 4.2, and 4.3.
[Oct 11: Lecture 16]
Defining security for message authentication codes. Constructing a secure MAC for short messages. Toward MACs for arbitrary length messages.
Reading: Sections 4.3 and 4.4.
[Oct 14: Lecture 17]
MACs for arbitrary-length messages. CBC-MAC. Authenticated encryption.
Reading: Sections 4.4 and 4.5 from the first edition. Section 4.5.1 from the second edition.
[Oct 16: Lecture 18]
Authenticated encryption. Hash functions.
Reading: Sections 4.5.1 and 4.5.2 from the second edition. Sections 4.6.1, 4.6.3, and 4.6.5 from the first edition.
[Oct 18: Lecture 19]
Hash functions and birthday attacks. Hash-and-MAC. HMAC.
Reading: Sections 4.6.1, 4.6.3, and 4.6.5 from the first edition.
[Oct 21: Lecture 20]
Exam review.
[Oct 23: Midterm exam]
[Oct 25: Lecture 21]
Practical constructions of pseudorandom generators: stream ciphers. LFSRs.
Reading: second edition, Sections 6.1.1 and 6.1.2.
[Oct 28: Lecture 22]
Stream ciphers. Adding non-linearity to LFSRs. Trivium and RC4.
Reading: second edition, Sections 6.1.2, 6.1.3, and 6.1.4 (but you are not responsible for the attacks on RC4).
[Oct 30: Lecture 23]
Exam review.
[Nov 1: Lecture 24]
Practical constructions of pseudorandom permutations: block ciphers. Substitution-permutation networks.
Reading: second edition, Section 6.2.1.
[Nov 4: Lecture 25]
Substitution-permutation networks (SPNs). Attacks on reduced-round SPNs.
Reading: second edition, Section 6.2.1.
[Nov 6: Lecture 26]
Feistel networks. The Data Encryption Standard (DES).
Reading: second edition, Sections 6.2.2 and 6.2.3.
[Nov 8: Lecture 27]
2DES and triple-DES. Meet-in-the-middle attacks. AES.
Reading: second edition, Sections 6.2.4 and 6.2.5.
[Nov 11: Lecture 28]
Basic number theory and algorithmic number theory.
Reading: Section 7.1.1 and Appendix B.1.
[Nov 13: Lecture 29]
Modular arithmetic and efficient algorithms.
Reading: Section 7.1.2 and Appendices B.2.1, B.2.2, and B.2.3.
[Nov 15: Lecture 30]
Group theory.
Reading: Section 7.1.3.
[Nov 18: Lecture 31]
Group theory; factoring.
Reading: Sections 7.1.4 and 7.2.1.
[Nov 20: Lecture 32]
The factoring and RSA assumptions. Cyclic groups.
Reading: Sections 7.2.3, 7.2.4, and 7.3.1.
[Nov 22: Lecture 33]
Hardness assumptions in cyclic groups: the discrete-logarithm assumption.
Reading: Sections 7.3.1 and 7.3.2.
[Nov 25: Lecture 34]
The Diffie-Hellman problems. Drawbacks of private-key cryptography, and the public-key setting.
Reading: Sections 7.3.2, 7.3.3, 9.1, and 9.3.
[Nov 27: Lecture 35]
The Diffie-Hellman key-exchange protocol, and how it addresses the drawbacks of private-key cryptography.
Reading: Section 9.4.
[Dec 2: Lecture 36]
The public-key setting. Public-key encryption: syntax and definitions of security.
Reading: Sections 10.1 and 10.2.1.
[Dec 4: Lecture 37]
El Gamal encryption. "Textbook RSA" encryption and its insecurity.
Reading: Sections 10.5 and 10.4.1.
[Dec 6: Lecture 38]
Padded RSA encryption. Hybrid encryption.
Reading: Sections 10.4.3 and 10.3.
[Dec 9: Lecture 39]
Digital signatures. The "textbook RSA" signature scheme.
Reading: Sections 12.1, 12.2, and 12.3.1.
[Dec 11: Lecture 40]
Hashed RSA. Certificate authorities and public-key infrastructure (PKI).
Reading: Sections 12.3.1, 12.3.2, and 12.8. (Optional: See Section 13.3 for a proof of security for Hashed RSA.)
[Dec 13: Lecture 41]
Course review.
[Dec 21: Final Exam]